<?php

include("connectDB.php");

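// User landing page. Validates the login cookies and renders the user view,
// or sends the visitor to login.php when no valid session is presented.
//
// Everything read from $_COOKIE and $_POST is attacker-controlled: it is
// type-checked, escaped before reaching SQL, and HTML-encoded before output.
//
// NOTE(review): the MAC is crypt(username . stored password . exptime, salt), so
// its only secret is the stored password value; anyone who can read the users
// table can mint valid cookies. A keyed hash_hmac() with a server-side secret
// would be a stronger construction. Also confirm the salt format: with a
// traditional 2-character DES salt, crypt() hashes only the first 8 bytes of
// its input.
// NOTE(review): $expire is bound into the MAC but never compared with the
// current time here, so a captured cookie set does not age out on this page.
// Confirm the exptime format written by the login page and enforce it.
$shown = false;

if (isset($_COOKIE['c4707p1']))
{
	// Read the username cookie, then expire it immediately (no output has been sent yet).
	$name = isset($_COOKIE['c4707p1_username']) ? $_COOKIE['c4707p1_username'] : null;
	setcookie('c4707p1_username', 'xxxxxxxxx', time() - 3600);
	$expire = isset($_COOKIE['c4707p1_exptime']) ? $_COOKIE['c4707p1_exptime'] : null;
	$mac = $_COOKIE['c4707p1'];

	// The form further down re-posts the username, because the cookie was just cleared.
	if (isset($_POST['submit'])) {
		$name = isset($_POST['username']) ? $_POST['username'] : null;
	}

	// PHP turns "key[]=v" into an array; accept plain strings only so the
	// comparison and escaping below operate on the expected type.
	if (is_string($name) && is_string($expire) && is_string($mac)) {
		// Escape before interpolating: $name comes straight from the request.
		// Assumes connectDB.php has opened the default mysql_* link (TODO confirm).
		$result = mysql_query(
			"SELECT * FROM users WHERE username = '" . mysql_real_escape_string($name) . "'"
		);
		if ($result === false) {
			// Keep driver errors in the server log rather than showing them to the client.
			error_log('user lookup failed: ' . mysql_error());
			die('An internal error occurred.');
		}

		while ($entry = mysql_fetch_array($result))
		{
			$expected = crypt($name . $entry['password'] . $expire, $entry['salt']);

			// On failure crypt() returns a string shorter than 13 characters;
			// never accept such a marker as a valid MAC.
			$valid = is_string($expected) && strlen($expected) >= 13;
			if ($valid) {
				// Constant-time compare where available (PHP >= 5.6), strict otherwise.
				$valid = function_exists('hash_equals')
					? hash_equals($expected, $mac)
					: $expected === $mac;
			}

			// A MAC mismatch means the cookies were tampered with or are stale.
			if (!$valid) {
				die ("The cookies have been forged! Be alert!");
			}

			// Encode once for both the HTML body and the attribute value below.
			$safeName = htmlspecialchars($name, ENT_QUOTES, 'UTF-8');
			$shown = true;

			echo "Welcome, <strong>".$safeName."</strong>!<p>";
			echo "This is the user's page!<p>";
			echo "Click the button below to switch to the administrator view if you are administrator<p>";
			?>
			<form action="admin1.php" method="post">
				<table border="0">
					<tr>
						<td colspan="2" align="right">
							<input type="hidden" name="username" value="<?php echo $safeName ?>">
							<input type="submit" name="submit" value="Administrator View">
						</td>
					</tr>
				</table>
			</form>			
			<?php
			echo "<a href=logout.php>Logout</a>";
		}
	}
}

// No session cookie, malformed values, or no matching account: treat the
// visitor as logged out instead of returning a blank page.
if (!$shown)
{
	// Send the header before any body output, otherwise PHP rejects it.
	header("Refresh: 1; url = login.php");
	echo "You have not logged in or timeout! Redirecting to the login page...";
}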
?>
